CVE-2022-41934 - Critical RCE in XWiki Platform’s Menu Macro—What Happened, How to Exploit, and How to Fix
If you’re running an XWiki instance, here’s a serious heads-up: CVE-2022-41934 exposes a Remote Code Execution (RCE) vulnerability in XWiki’s core menu
CVE-2022-41928 - How Eval Injection in XWiki Platform's AttachmentSelector.xml Exposed Your Wiki (And How to Safeguard It)
The XWiki platform is a popular open-source wiki engine widely used for knowledge management, document collaboration, and enterprise content. But in late 2022, security researchers
CVE-2022-4116 - Exploiting Quarkus Dev UI Config Editor for Drive-By Localhost RCE
In late 2022, security researchers uncovered a critical vulnerability in Quarkus, a popular Java framework for building cloud-native applications. Assigned as CVE-2022-4116, this
CVE-2022-41936 The `modifications` API does not filter entries by user rights.
XWiki sites using the `modifications` REST endpoints do not filter entries based on the user's rights. This means that information such as comments,
CVE-2022-44788 - How Session Fixation Affects Appalti & Contratti 9.12.2 – Explained
In late 2022, a security vulnerability was identified in the popular Appalti & Contratti 9.12.2 application platform. Registered as CVE-2022-44788, this flaw exposes